Products and Services Privacy Policy
Latest update: 01 December 2025.
Welcome to the Infinian Products and Services Privacy Policy.
Infinian Data Solutions Limited (referred to as ‘Infinian’, ‘we’, ‘us’ or ‘our’ in this privacy policy) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data which we collect and process about you in respect of our products and services and tell you about your privacy rights and how the law protects you.
This privacy policy is provided in a layered format so you can click through to the specific areas set out below. Please refer to the Glossary for the meaning of the defined terms and phrases used in this privacy policy.
1. IMPORTANT INFORMATION AND WHO WE ARE
2. THE DATA WE COLLECT ABOUT YOU
3. HOW IS YOUR PERSONAL DATA COLLECTED?
4. HOW WE USE YOUR PERSONAL DATA
5. DISCLOSURES OF YOUR PERSONAL DATA
6. INTERNATIONAL TRANSFERS
7. DATA SECURITY
8. DATA RETENTION
9. YOUR LEGAL RIGHTS
10. GLOSSARY
1. Important information and who we are
Who are Infinian?
Infinian provides highly insightful data to Customers in the financial services sector, gaming sector, fintech companies and some of the largest global data businesses and credit bureaux.
Typically, our Customers use Infinian’s products and services to verify the information that you, as an individual, give to them about yourself. The Infinian products and services do this by matching reference data (which we receive from Data Suppliers) against the data you give about yourself to our Customers.
Purpose of this privacy policy
Infinian is the data controller and responsible for your personal data.
Infinian takes the protection and security of your personal data very seriously. This privacy policy sets out the personal information we collect and process about you through our products and services, the purposes of the processing and how you can exercise your privacy rights.
You may be reading this privacy policy because of a hyperlink provided by one of our Data Suppliers or Customers or you may have another reason to seek information on processing in relation to Infinian’s products and services.
Our Customers and Data Suppliers will have a lawful reason for processing your data and will have a separate relationship with you. They are separately required to provide you with information (for example through their own privacy notice) about how they collect and process your data.
Where Infinian collects your personal information from you directly, for example, through our website or because you have applied for a job with us, please instead see Infinian’s: Website Privacy Policy.
Contact details
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please send an email to our DPO at dpo@infinian.co.uk, or to our Compliance Team at: compliance@infinian.co.uk,
or
Alternatively, you can write to either our DPO or Compliance Team at the following address:
Infinian Data Solutions Limited
Glasshouse
Alderley Park
Nether Alderley
Cheshire
SK10 4ZE
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance.
Changes to the privacy policy
We keep our privacy policy under regular review. The latest date that the privacy policy as updated can be found above.
2. THE DATA WE COLLECT ABOUT YOU
Data Suppliers
The type of personal information we collect about you from Data Suppliers includes, but is not limited to, your: name, current and previous addresses, residential and marital status, date of birth, email address, telephone numbers (home, mobile, work), number of dependants, employment status, income and expenditure details, bank account and sort code, CRA data, IP address, device type and loan application and outcome details.
We do not collect any personal information from children, or about children, nor do we collect sensitive or special category data.
Customers
When we receive personal data from Customers for the sole purpose of providing verification services back to that same Customer, we may act as a data processor under their instructions. In all other circumstances, including when we use data for our own business purposes or share it with other Customers, we act as the data controller.
3. HOW IS YOUR PERSONAL DATA COLLECTED
As explained in "Important Information and Who we Are" (above), we receive personal data about you from Data Suppliers and, occasionally, Customers.
4. HOW WE USE YOUR PERSONAL DATA
We will collect and process personal information where we have a lawful basis for doing so, including where the processing is for a legitimate interest and not overridden by your data protection interests or fundamental rights and freedoms. Legitimate
interests include our own legitimate business interest and those which provide a societal benefit, such as preventing fraud, protecting vulnerable customers, crime prevention and detection.
We share your personal data with our Customers on the lawful basis and for the
purposes set out in this table:
Purpose
Tracing, verification and validation of identity
Credit and risk management
Affordability
Identification of Vulnerability
Examples (non-exhaustive)
1) The tracing of individuals for the purpose of debt collection, national
security, crime prevention and detection, fraud prevention and anti-money laundering processes and asset reunification.
2) Checking of identities.
3) Age verification and authentication services.
4) Individual reference or lookup services.
5) Know your custom
To assist a bank or other financial institution you have a relationship with in enhancing and validating the data and information they hold about you. For example, to detect fraud and/or confirm the accuracy of your data or to provide propensity to pay and credit risk
reporting.
To assist a company you have a relationship with and/or other financial institutions with reporting services that may assist them with ascertaining affordability risk including financial vulnerability.
To assist companies in discharging their legal and regulatory obligations around affordability.
To assist companies in discharging their legal and regulatory obligations around both general and financial vulnerability, obligations can vary dependant on sector.
Examples include: assisting gaming companies in complying with responsible gaming legislation to identify customers who may fall into the definition of a vulnerable customer and financial institutions in respect of the FCA
Lawful Basis
Legitimate interests of:
1. developing the business of Infinian and of our Customers;
2. tracing and verifying an individual for
the various uses set out in the examples.
Legitimate interests of:
1. developing the business of Infinian and of our Customers;
2. the Customer being able to make informed credit decisions and validate and enhance the information they hold.
Legitimate interests of:
1. developing the business of Infinian
and of our Customers;
2. the Customer being able to make informed credit decisions in respect of their affordability criteria and discharge their regulatory obligations in respect of the same.
Legitimate interests of:
1. developing the business of Infinian and of our Customers;
2. the third party being able to make informed decisions with regard to a consumer’s vulnerability.
The Customers who may use your personal data for all or some of the above purposes are listed below. You can find out more about how they use your personal information by reading their respective privacy policies (see the links below).
Crediva: https://crediva.co.uk/processing-notice/
Datatrac: https://www.datatrac.co.uk/privacy-policy
Data on demand: https://dataondemand.co.uk/personal-data-privacy-notice/
Department of Trust:
GB Group plc: https://www.gbgplc.com/en/legal-and-regulatory/products-servicesprivacy-policy/
LexisNexis Risk Solutions: https://risk.lexisnexis.com/corporate/privacy-policy
Newday Cards Limited: https://www.newday.co.uk/site-services/privacy-policy/
Perch group: https://www.perchgroup.co.uk
Transunion: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau
Scottish Assets: https://www.angloscottishfinance.co.uk/wpcontent/uploads/2024/01/Privacy-policy-January-24.pdf
We may also share your personal information with the following third parties if either we are under a legal obligation to do so or where it is in our legitimate interests to do so, or in reliance on such third party's legitimate interests.
Debt collection agencies
Credit Referencing Agencies
Data aggregation companies
Data bureaux
Identity and Verification service providers
Tracing companies
Government agencies
Banks and other financial institutions
Gaming companies
TransUnion - TransUnion will use your personal information for analysing and modelling your personal Information (such as predicting information about you), to help you to be traced if important information or assets should be returned to you.
They may also use your data in a similar manner to aid debt recovery. The data may also be used to prevent fraud by helping to identify you (for instance when applying for new products). TransUnion may also provide the data (including the modelled data) to other organisations to aid the assessment and pricing of credit, insurance and similar financial products for you, in particular when very little other data is available. In addition, the data may be used for the prevention or detection of crime, the apprehension or prosecution of offenders, or the assessment or collection of a tax or duty or an imposition of a similar nature.
If you do not wish for your data to be used this way by TransUnion then please contact us.
For details of the TransUnion privacy policy, click here.
We may also use the data for Infinian’s own legitimate interest purposes as outlined below
What we use your personal information for
To improve our business and develop and improve the ways we serve our Customers.
Further detail
Extract certain information for the purpose of generating statistics for our own internal purposes (including credit and/or behaviour scoring, and
market product analysis).
Develop and manage products and services.
Lawful basis we rely upon
1. Necessary for the legitimate interest of improving and developing our business and the products and services we provide to Customers.
5. DISCLOSURES OF YOUR PERSONAL DATA
We also may share your personal data with the parties set out below for the purposes set out in the table “Purposes for which we will use your personal data” above.
• External Third Parties: these are companies who provide services to us and who may process your personal information based solely on the instructions they receive from us. For example, IT providers and companies that host our platforms and
keep them secure.
• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use
your personal data in the same way as set out in this privacy policy.
• Companies within our Group: Quint Group Limited
• Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights,
or (iii) to protect your vital interests or those of any other person;
6 INTERNATIONAL TRANSFERS
Your personal information is stored on our secure servers in the UK. We do not transfer your personal data outside the UK.
7 DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees,
agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Our security measures include encryption of data in transit and at rest using industry standard protocols, access controls with role-based permissions, regular security assessments and penetration testing, staff training on data protection, and incident response procedures.
8 DATA RETENTION
The amount of time we hold your information depends on the reason it was provided. Your data will not be kept indefinitely and will only be kept for as long as is required for legitimate business reasons (for example to provide you with our Services or for the other reasons we explained above) and in order for us to comply with our legal and regulatory obligations.
The personal information we receive when you make an application (whether on our website or which comes to us via one of the websites of our affiliates) is kept for a minimum of six years, which will commence at the end of the relationship. We are
required to do so to ensure that if any disputes or complaints are raised, we have your information to enable us to address the complaints or disputes.
To request details relating to your personal data retention, please use the contact details here.
Specific retention periods for different categories of personal data are as follows:
Identity verification data - 6 years from end of relationship; Credit assessment data - 6 years from assessment date; Fraud prevention data - 6 years from detection; Marketing data - 3 years from last interaction; Website analytics data - 2 years from collection. These periods comply with our legal and regulatory obligations under financial services legislation.
9 YOUR LEGAL RIGHTS
You have the following legal rights regarding the processing of your personal data:
The right to be informed
You have a right to be informed about how your personal data is processed in a concise, transparent, intelligible and easily accessible manner, written in clear and plain language, that is free of charge. This is the purpose of this Privacy Policy.
The right of access
You have the right to obtain confirmation that your data is being processed and to have access to that personal data. You can request this using the contact details here.
The right to rectification
You have the right to have your personal data rectified if it is incorrect or incomplete and we must notify any third parties that we have shared your data to do the same.
You can request this using the contact details here.
The right to erasure
You have a “right to be forgotten”, or to have your personal data erased and to prevent processing. The right is not absolute and in certain circumstances this may not be possible (for example where we have to keep your personal data for legal or regulatory reasons). We must notify any third parties that have been shared your data of your request. You can request this using the contact details here.
The right to restrict processing
You have the right to ‘block’ or suppress the processing of your personal data. This does not stop the storing of your personal data, as it may be required to restrict processing in the future. We must notify any third parties that have shared your data of
your request. You can request this using the contact details here.
The right to data portability
You have the right to obtain and reuse your personal data for your own purposes across different services in a safe and secure way, without hindrance to usability. You can request this using the contact details here.
The right to object
You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. You can request this using contact details here.
Rights in relation to automated decision making and profiling
You have a right to object to automated decision making, to express your point of view, ask for human intervention, and to be provided with an explanation of the decision with your option to challenge it. You can request this using the contact details here.
The right to withdraw consent
If you have given us explicit consent to process your personal data you have a right to withdraw that consent at any time, including but not limited to the removal of consent to be contacted for marketing purposes. You can request this using the contact details here.
The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with us directly and / or with a supervisory authority. In the UK the relevant authority is the Information Commissioner’s Office (ICO). You can find their contact details here. To exercise this right, please contact our DPO at dpo@infinian.co.uk or write to us at the address provided in 1. We will respond within one month and may request identity verification for security purposes.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who does not have a right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We aim to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
Glossary
Customers means the third parties listed or described in “How we use your personal data” (above) who use Infinian’s products and services
Data Suppliers means third party data suppliers in the consumer credit industry and digital marketing companies serving that sector, namely Monevo Limited, Choose Wisely Limited, Comparitec Limited, and Credit Technologies Limited
External Third Parties
• Service providers acting as processors who provide IT and system administration services.
• Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
• HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
Lawful Basis
Legitimate interest means the interest of Infinian in conducting and managing its business to enable us to give our Customers the best services or products and the best and most secure experience. We make sure we consider and balance any potential impact on you as an individual (both positive and negative) and your rights before we process your personal data for a legitimate interest. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interest against any potential impact on you in respect of specific activities by contacting us. A legitimate interest may include legitimate business interests which provide a societal benefit, such as preventing fraud, protecting vulnerable customers, crime prevention and detection.
Compliance with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that Infinian is subject to.